Cross-Site Scripting Vulnerabilities in Malware Information Sharing Platform by MISP
CVE-2015-5720

6.1MEDIUM

Key Information:

Vendor

Misp-project

Status
Malware Information Sharing Platform
Vendor
CVE Published:
3 September 2016

What is CVE-2015-5720?

The Malware Information Sharing Platform (MISP) contains multiple cross-site scripting vulnerabilities within its template-creation feature. These vulnerabilities, present in versions prior to 2.3.90, enable remote attackers to inject arbitrary web scripts or HTML. The affected components include add.ctp, edit.ctp, and ajaxification.js, potentially compromising the security of user interactions and data integrity. Prompt updates and vigilance are necessary to mitigate the risks associated with these vulnerabilities.

References

https://www.circl.lu/advisory/CVE-2015-5720/
x_refsource_CONFIRM
http://www.securityfocus.com/bid/92738
vdb-entryx_refsource_BID
https://github.com/MISP/MISP/commit/812ac878c3645c02e2a59...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.